Firewall Rules Question
teancum144 Member Posts: 229
in SSCP
I found a question worded similarly to the following:
Which of the following best describes the following firewall configuration issues?
- Current firewall logs are excessively large with useless data
- Currently, the “any-any” rule type is in place
B. Stealth rule, silent rule
C. Silent rule, negate rule
D. Stealth rule, silent rule
The answer is "C" with an explanation similar to the following:
- Silent rule: Drop "noisy" traffic without logging it. This reduces log sizes by not responding to packets that are deemed unimportant.
- Stealth rule: Disallows access to firewall software from unauthorized systems.
- Cleanup rule: The last rule in the rule base, which drops and logs any traffic that does not meet preceding rules.
- Negate rule: Used instead of the broad and permissive "any rules." Negate rules provide tighter permission rights by specifying what system can be accessed and how.
Edit: If you want to review the original verbiage of the question, it is based on #33 from the AIO book on page 751.
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
Comments
JDMurray Admin Posts: 13,092
The first bullet point is referring to a problem where the firewall logs are recording a lot of events that the operations people might not find useful, such as session opened, session closed, and connection dropped. The explanation indicates this situation is mitigated by the "silent rule," by configuring the firewall not to log the specific events you don't want to see in the logs.
The second bullet point indicates that the last firewall rule is "any any", which allows all traffic through the firewall that isn't dropped by the preceding rules. The explanation indicates the "negate rule" is a better configuration by having the firewall explicitly accept only traffic that it is expecting and drop all other traffic by using a final "deny deny" rule.
I think these rules are from Check Point firewall documentation.
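As an added illustration of the four rule types described in the book explanation and in JDMurray's reply (not code from the thread, the AIO book or any firewall vendor), the following Python sketch runs constructed sample traffic through a first-match rule base in the two configurations the question contrasts: a logged "any-any" rule versus stealth, silent, explicit "negate"-style permits and a final cleanup rule. The zone labels, services, rule ordering and the modelling of the negate rule as explicit permits are assumptions taken from the thread's wording; vendor semantics differ.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str         # role in the rule base: stealth, silent, negate, cleanup, any-any
    src: str          # constructed zone label or "any" (not real addresses)
    dst: str
    service: str      # "proto/port" or "any"
    action: str       # "accept" or "drop"
    log: bool = True  # a silent rule sets this to False

def matches(rule: Rule, pkt: dict) -> bool:
    """A field matches when the rule says 'any' or the values are equal."""
    return all(r == "any" or r == pkt[k]
               for k, r in (("src", rule.src), ("dst", rule.dst), ("service", rule.service)))

def evaluate(rulebase: list[Rule], packets: list[dict]) -> tuple[list[str], list[str]]:
    """First matching rule wins. Returns per-packet actions and the log lines written."""
    actions, log = [], []
    for pkt in packets:
        rule = next(r for r in rulebase if matches(r, pkt))  # the last rule always matches
        actions.append(rule.action)
        if rule.log:
            log.append(f"{rule.name}: {rule.action} {pkt['src']}->{pkt['dst']} {pkt['service']}")
    return actions, log

# Configuration the question criticises: one permissive, fully logged any-any rule.
ANY_ANY = [Rule("any-any", "any", "any", "any", "accept")]

# Configuration the explanation recommends, ordered as the thread describes it (assumed ordering).
HARDENED = [
    Rule("stealth", "any", "firewall", "any", "drop"),           # nobody reaches the firewall itself
    Rule("silent", "any", "any", "udp/137", "drop", log=False),  # drop broadcast chatter, don't log it
    Rule("negate", "internet", "web-dmz", "tcp/443", "accept"),  # explicit permits replace any-any
    Rule("negate", "lan", "internet", "tcp/443", "accept"),
    Rule("cleanup", "any", "any", "any", "drop"),                # last rule: drop and log everything else
]

# Constructed sample traffic (zone labels, not real hosts).
SAMPLE = [
    {"src": "lan", "dst": "firewall", "service": "tcp/22"},
    {"src": "lan", "dst": "internet", "service": "udp/137"},
    {"src": "lan", "dst": "internet", "service": "udp/137"},
    {"src": "internet", "dst": "web-dmz", "service": "tcp/443"},
    {"src": "internet", "dst": "lan", "service": "tcp/445"},
    {"src": "lan", "dst": "internet", "service": "tcp/443"},
]

if __name__ == "__main__":
    for label, rb in (("any-any", ANY_ANY), ("hardened", HARDENED)):
        actions, log = evaluate(rb, SAMPLE)
        print(f"{label}: {actions.count('drop')} dropped, {len(log)} log lines")
        for line in log:
            print(" ", line)
```

Running it shows the any-any base accepting and logging all six packets, while the hardened base logs four lines: the silent rule keeps the two NetBIOS packets out of the log, and the cleanup rule records the one packet no explicit permit expected.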
aftereffector Member Posts: 525
I must be confused too. I understand what you're saying, JD, but the question seems to be asking what the original configuration is (not what should be implemented to mitigate the issues). The Shon Harris question is "Which of the following best describes the firewall configuration issues [described]?", which as I interpret the answers, would be Stealth / Cleanup, or answer A.
CCIE Security - this one might take a while...
JDMurray Admin Posts: 13,092
I keyed on the word "issues" in the question as indicating "things that need to be fixed." I agree that it could be better worded to be more clear about what the question is asking.
teancum144 Member Posts: 229
This is another example of the question I raised in the following thread: Although the AIO book discusses these rules (i.e. cleanup, negate, silent, stealth), a search in the OG produces no results. Because these rules are not mentioned in the OG, is it safe to assume these rules will not be included in the CISSP test?
JDMurray Admin Posts: 13,092
I do believe those terms are vendor-specific, and I don't believe you will find any Shon Harris publications listed in the CISSP CIB, so I think you only need to understand the basic concepts of firewall configuration/troubleshooting and not the specific details.
f0rgiv3n Member Posts: 598
I have never heard the terms silent rule, negate rule or clean-up rule in my CISSP, CCNA-Sec or CCNP studies. That might give you an idea of how applicable those terms are.
teancum144 Member Posts: 229
[quoting f0rgiv3n] I have never heard the terms silent rule, negate rule or clean-up rule in my CISSP, CCNA-Sec or CCNP studies. That might give you an idea of how applicable those terms are.